John Alexander Halderman[1] (born c. January 1981) is an American computer scientist. He currently serves as a professor of computer science and engineering at the University of Michigan, as well as being the director of the Center for Computer Security and Society at Michigan Engineering. His research focuses on computer security and privacy, with an emphasis on problems that broadly impact society and public policy.
John Alexander Halderman | |
---|---|
Born | c. January 1981 (age 43) |
Alma mater | Princeton University |
Known for | 2016 United States presidential election recounts |
Awards | Sloan Research Fellowship, Pwnie Award |
Scientific career | |
Fields | Computer science |
Institutions | University of Michigan |
Thesis | Investigating security failures and their causes: An analytic approach to computer security (2009) |
Doctoral advisor | Edward Felten |
Website | jhalderm |
Education
From Princeton University, Halderman received a Bachelor of Arts summa cum laude in June 2003, a Master of Arts in June 2005, and a Doctor of Philosophy in June 2009, all in computer science.[2]
Career and research
As a student at Princeton, Halderman played a significant role in exposing flaws in digital rights management (DRM) software used on compact discs. In 2004, he discovered that a DRM system called MediaMax CD-3 could be bypassed simply by holding down the shift key while inserting a CD.[citation needed] The company behind the system briefly threatened him with a $10 million lawsuit, landing him on the front page of USA Today.[3] Later, in 2005, he helped show that a DRM system called Extended Copy Protection functioned identically to a rootkit and weakened the security of computers in which audio CDs were played.[citation needed] The ensuing Sony BMG copy protection rootkit scandal led to the recall of millions of CDs, class action lawsuits, and enforcement action by the U.S. Federal Trade Commission.[citation needed]
In 2008, Halderman led the team that discovered the cold boot attack against disk encryption, which allows an attacker with physical access to a computer device to extract encryption keys or other secrets from its memory. The technique, which was initially effective against nearly every full-disk encryption product on the market, exploits DRAM data remanence to retrieve memory contents even after the device has been briefly powered off.[4] One version of the technique involves cooling DRAM modules with freeze spray to slow data decay, then removing them from the computer and reading them in an external device. It has become an important part of computer forensics practice and has also inspired a wide variety of defensive research, such as leakage-resilient cryptography and hardware implementations of encrypted RAM. For their work developing the attack, Halderman and his coauthors received the Pwnie Award for Most Innovative Research and the Best Student Paper Award from the USENIX Security Symposium.
At the University of Michigan, Halderman and coauthors performed some of the first comprehensive studies of Internet censorship in China[5] and in Iran,[6] and of underground "street networks" in Cuba.[7] In 2009, he led a team that uncovered security problems and copyright infringement in client-side censorship software mandated by the Chinese government.[8] The findings helped catalyze popular protest against the program, leading China to reverse its policy requiring its installation on new PCs. In 2011, Halderman and his students invented Telex, a new approach to circumventing Internet censorship, partially by placing anticensorship technology into core network infrastructure outside the censoring country. With support from the United States Department of State, which called the technique a "generational jump forward" in censorship resistance,[9] Halderman led a multi-institutional collaboration that further developed the technology and deployed it at ISP-scale under the name Refraction Networking.[10] In 2015, United States Ambassador to the United Nations Samantha Power brought him to New York to demonstrate the technology at a meeting alongside the General Assembly.[9]
In 2012, Halderman and coauthors discovered serious flaws in random number generators that weakened the public-key cryptography used for HTTPS and SSH servers in millions of Internet of things devices. They disclosed vulnerabilities to 60 device manufacturers and spurred changes to the Linux kernel.[11] Their work received the Best Paper Award at the USENIX Security Symposium and was named one of the notable computing articles of the year by ACM Computing Reviews.[12] Halderman played a significant role in fixing several major vulnerabilities in the TLS protocol. He was a co-discoverer of the Logjam[13] and DROWN[14] attacks, and conducted the first impact assessment of the FREAK attack.[15] The three flaws compromised the security of tens of millions of HTTPS websites and resulted in changes to HTTPS server software, web browsers, and the TLS protocol. Since they worked by exploiting remnants of ways in which older versions of the protocol had been deliberately weakened due to 1990s-era restrictions on the export of cryptography from the United States,[16] they carried lessons for the ongoing public policy debate about cryptographic back doors for law enforcement.[17]
Halderman's Logjam work also provided a plausible explanation for a major question raised by the Edward Snowden revelations: how the National Security Agency could be decoding large volumes of encrypted network traffic. By extrapolating their results to the resources of a major government, the researchers concluded that nation-state attackers could plausibly break 1,024-bit Diffie-Hellman key exchange using a purpose-built supercomputer.[18] For a cost on the order of a hundred million dollars, an intelligence agency could break the cryptography used by about two-thirds of all virtual private networks.[19] Snowden publicly responded that he shared the researchers' suspicions and blamed the U.S. government for failing to close a vulnerability that left so many people at risk.[20] The work received the 2015 Pwnie Award for Most Innovative Research and was named Best Paper at the ACM Conference on Computer and Communications Security.
In 2013, Halderman and his graduate students created ZMap, a free and open-source security scanning tool designed for information security research.[21] By making efficient use of network bandwidth, ZMap can scan the Internet's entire IPv4 address space in under an hour, allowing researchers to quantify vulnerable systems, track the adoption of security patches, and even measure the impact of natural disasters that disrupt Internet access.[22] Halderman and collaborators used it to track the OpenSSL Heartbleed vulnerability[23] and raised the global rate of patching by 50% by warning the operators of unpatched web servers.[24] Their work won the Best Paper award at the ACM Internet Measurement Conference. In partnership with Google, Halderman's research group used ZMap to study the security of email delivery,[25] highlighting seven countries where more than 20% of inbound Gmail messages arrived unencrypted due to network attackers.[26] To mitigate the problem, Gmail added an indicator to let users know when they receive a message that wasn't delivered using encryption, resulting in a 25% increase in inbound messages sent over an encrypted connection.[27] Halderman and his collaborators were recognized with the 2015 IRTF Applied Networking Research Prize.
In order to accelerate the adoption of encryption by web servers, Halderman in 2012 partnered with Mozilla and the Electronic Frontier Foundation to found the Let's Encrypt HTTPS certificate authority. Let's Encrypt provides HTTPS certificates at no cost through an automated protocol, significantly lowering the complexity of setting up and maintaining TLS encryption. Since its launch in 2016, Let's Encrypt has grown to protecting more than 150 million web sites.[28] Halderman and his students laid the foundation for the IETF-standard protocol that clients use to interface with the CA, the Automated Certificate Management Environment.[29] He sits on the board of directors of the Internet Security Research Group, the non-profit that operates Let's Encrypt.[30] He is also a co-founder and chief scientist of Censys,[31] a network security company that he says aims to "change the way security works by making it more quantitative, more precise, and more accurate."[32]
In 2015, Halderman was part of a team of proponents that included Steven M. Bellovin, Matt Blaze, Nadia Heninger, and Andrea M. Matwyshyn who successfully proposed a security research exemption to Section 1201 of the Digital Millennium Copyright Act.[33]
Halderman was awarded a Sloan Research Fellowship in 2015 by the Alfred P. Sloan Foundation, and in 2019 he was named an Andrew Carnegie Fellow by the Carnegie Corporation of New York.[34] He was profiled in the November 2016 issue of Playboy.[9]
Electronic voting
After the 2016 United States presidential election, computer scientists, including Halderman, urged the Clinton campaign to request an election recount in Wisconsin, Michigan, and Pennsylvania (three swing states where Trump had won narrowly, while Clinton won New Hampshire and Maine narrowly) for the purpose of excluding the possibility that the hacking of electronic voting machines had influenced the recorded outcome.[35][36][37]
On June 21, 2017, Halderman testified before the United States Senate Select Committee on Intelligence.[38][39][40] The hearing, titled "Russian Interference in the 2016 U.S. Election", focused on the federal government's role in safeguarding U.S. elections from outside interference. Halderman discussed his own research in computer science and cybersecurity. He discussed one instance where he tampered with a voting machine and demonstrated the ability to change the outcome of an election. He also made three policy recommendations to safeguard U.S. elections: upgrading and replacing obsolete and vulnerable voting machines; consistently and routinely checking that American election results are accurate; and applying cybersecurity best practices to the design of voting equipment and the management of elections. Halderman fielded questions from the Senators about his research and policy recommendations. At the end of the hearing, Chairman Burr praised Halderman for his work and noted how important his research is.[citation needed]
Following the 2020 United States presidential election, Halderman stated that a software glitch during the unofficial vote tally was not caused by fraud, but rather by human error,[41] and said the conspiracy theory that a supercomputer was used to switch votes from Trump to Biden was "nonsense".[42]
His expert witness report on voting machine vulnerabilities was filed in a Georgia case under seal, but is sought by litigants in another case and an election official in Louisiana.[43]
In 2022, CISA issued the advisory "Vulnerabilities Affecting Dominion Voting Systems ImageCast X" based on research by Halderman.[44]
References
- "Investigating security failures and their causes: An analytic approach to computer security - ProQuest". proquest. Retrieved 2024-11-19.
- "J. Alex Halderman". jhalderm. Retrieved 2022-05-08.
- Noden, Merrell (2006-03-22). "Who's Afraid of Alex Halderman '03?". Princeton Alumni Weekly. Retrieved 2019-06-09.
- Halderman, J. Alex; Schoen, Seth D.; Heninger, Nadia; Clarkson, William; Paul, William; Calandrino, Joseph A.; Feldman, Ariel J.; Appelbaum, Jacob; Felten, Edward W. (2009). "Lest we remember: cold-boot attacks on encryption keys" (PDF). Communications of the ACM. 52 (5): 91–98. doi:10.1145/1506409.1506429. ISSN 0001-0782. S2CID 7770695.
- Xu, Xueyang; Mao, Z. Morley; Halderman, J. Alex (2011). "Internet Censorship in China: Where Does the Filtering Occur?" (PDF). Passive and Active Measurement. Lecture Notes in Computer Science. 6579. Springer: 133–142. Bibcode:2011LNCS.6579..133X. doi:10.1007/978-3-642-19260-9_14. ISBN 978-3-642-19259-3.
- Aryan, Simurgh; Aryan, Homa; Halderman, J. Alex (2013). "Internet Censorship in Iran: A First Look" (PDF). Third USENIX Workshop on Free and Open Communications on the Internet (FOCI).
- Pujol, Eduardo; Scott, Will; Wustrow, Eric; Halderman, J. Alex (2017). "Initial Measurements of the Cuban Street Network" (PDF). ACM Internet Measurement Conference.
- Wolchok, Scott; Yao, Randy; Halderman, J. Alex (2009-06-18). "Analysis of the Green Dam Censorware System". Retrieved 2019-06-09.
- Friess, Steve (29 September 2016). "Technology Will Destroy Democracy Unless This Man Stops It". Playboy. Archived from the original on 25 November 2016. Retrieved 24 November 2016.
- Frolov, Sergey; Douglas, Fred; Scott, Will; McDonald, Allison; VanderSloot, Benjamin; Hynes, Rod; Kruger, Adam; Kallitsis, Michalis; Robinson, David G.; Borisov, Nikita; Halderman, J. Alex; Wustrow, Eric (2017). "An ISP-Scale Deployment of TapDance" (PDF). 7th USENIX Workshop on Free and Open Communications on the Internet.
- Heninger, Nadia; Durumeric, Zakir; Wustrow, Eric; Halderman, J. Alex (2012). "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices" (PDF). 21st USENIX Security Symposium.
- Condon, Angela. "Notable Computing Books and Articles of 2012". ACM Computing Reviews.
- Adrian, David; Bhargavan, Karthikeyan; Durumeric, Zakir; Gaudry, Pierrick; Green, Matthew; Halderman, J. Alex; Heninger, Nadia; Springall, Drew; Thomé, Emmanuel; Valenta, Luke; VanderSloot, Benjamin; Wustrow, Eric; Zanella-Béguelin, Santiago; Zimmermann, Paul (2019). "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice" (PDF). Communications of the ACM. 61 (1): 106–114. doi:10.1145/3292035. S2CID 56894427.
- Aviram, Nimrod; Schinzel, Sebastian; Somorovsky, Juraj; Heninger, Nadia; Dankel, Maik; Steube, Jens; Valenta, Luke; Adrian, David; Halderman, J. Alex; Dukhovni, Viktor; Käsper, Emilia; Cohney, Shaanan; Engels, Susanne; Paar, Christof; Shavitt, Yuval (2016). "DROWN: Breaking TLS using SSLv2" (PDF). 25th USENIX Security Symposium.
- "The FREAK Attack". 2015-03-03. Retrieved 2019-06-10.
- "What factors contributed to DROWN?". The DROWN Attack. 2016.
- Goodin, Dan (2016-03-01). "More than 11 million HTTPS websites imperiled by new decryption attack". Ars Technica. Retrieved 2019-06-10.
- Milgrom, Randy (2017). "Courage to Resist: The High-Stakes Adventures of J. Alex Halderman". The Michigan Engineer.
- Halderman, J. Alex; Heninger, Nadia (2015-10-14). "How is NSA breaking so much crypto?". Freedom-to-Tinker. Retrieved 2019-06-10.
- Guthrie Weissman, Cale (2015-05-21). "Edward Snowden weighs in on the huge internet vulnerability that could have helped the US spy on citizens". Business Insider. Retrieved 2019-06-10.
- Durumeric, Zakir; Wustrow, Eric; Halderman, J. Alex (2013). "ZMap: Fast Internet-Wide Scanning and its Security Applications" (PDF). 22nd USENIX Security Symposium.
- Lee, Timothy B. (2013-08-13). "Here's what you find when you scan the entire Internet in an hour". The Washington Post. Retrieved 2019-06-11.
- Durumeric, Zakir; Li, Frank; Kasten, James; Amann, Johanna; Beekman, Jethro; Payer, Mathias; Weaver, Nicolas; Adrian, David; Paxson, Vern; Bailey, Michael; Halderman, J. Alex (2014). "The Matter of Heartbleed". Proceedings of the 2014 Conference on Internet Measurement Conference. pp. 475–488. doi:10.1145/2663716.2663755. ISBN 9781450332132. S2CID 142767.
- Gallagher, Sean (2014-04-10). "Researchers find thousands of potential targets for Heartbleed OpenSSL bug". Ars Technica. Retrieved 2019-06-10.
- Durumeric, Zakir; Adrian, David; Mirian, Ariana; Kasten, James; Bursztein, Elie; Lidzborski, Nicholas; Thomas, Kurt; Eranti, Vijay; Bailey, Michael; Halderman, J. Alex (2015). "Neither Snow nor Rain nor MITM: An Empirical Analysis of Email Delivery Security". 15th ACM Internet Measurement Conference.
- Bursztein, Elie; Lidzborski, Nicolas (2015-11-12). "New Research: Encouraging trends and emerging threats in email security". Google Security Blog. Retrieved 2019-06-11.
- Lidzborski, Nicolas; Pevarnek, Jonathan (2016-03-24). "More Encryption, More Notifications, More Email Security". Google Security Blog. Retrieved 2019-06-11.
- Aas, Josh (2018-12-31). "Looking Forward to 2019". Let's Encrypt Blog. Retrieved 2019-06-11.
- Barnes, R.; Hoffman-Andrews, J.; McCarney, D.; Kasten, J. (2019-03-12). Automatic Certificate Management Environment (ACME). IETF. doi:10.17487/RFC8555. RFC 8555. Retrieved 2019-03-13.
- "About Internet Security Research Group". Internet Security Research Group. Retrieved 2019-06-11.
- "About Us - Censys". Retrieved 2019-06-09.
- "2018 Tech Transfer Annual Report" (PDF). University of Michigan. 2019. Retrieved 2019-06-10.
- "Section 1201 Rulemaking: Sixth Triennial Proceeding to Determine Exemptions to the Prohibition on Circumvention" (PDF).
- "Two U-M professors awarded Carnegie Fellowships". Michigan News. 2019-04-23. Retrieved 2019-06-09.
- Dan Merica (23 November 2016). "Computer scientists to Clinton campaign: Challenge election results". CNN. Retrieved 2016-11-23.
- Gabriel, Trip; Sanger, David E. (2016-11-23). "Hillary Clinton Supporters Call for Vote Recount in Battleground States". The New York Times. Retrieved 2017-06-26.
- Halderman, J. Alex (2016-11-24). "Want to Know if the Election was Hacked? Look at the Ballots". Medium. Retrieved 2016-11-24.
- Naylor, Brian (2017-06-21). "U.S. Elections Systems Vulnerable, Lawmakers Told In Dueling Hearings". National Public Radio. Retrieved 2017-06-26.
  My conclusion is that our highly computerized election infrastructure is vulnerable to sabotage, and even to cyberattacks that could change votes. These realities risk making our election results more difficult for the American people to trust. I know America's voting machines are vulnerable because my colleagues and I have hacked them.
- "Hearings | Intelligence Committee". U.S. Senate. Retrieved 2017-06-26.
- "Expert Testimony by J. Alex Halderman" (PDF). U.S. Senate. 2017-06-21. Retrieved 2017-06-26.
- "US election fact check: The voting dead?". November 10, 2020. Retrieved December 4, 2020.
- Fichera, Angelo; Spencer, Saranac (November 13, 2020). "Bogus Theory Claims Supercomputer Switched Votes in Election". Retrieved December 4, 2020.
  Likewise, J. Alex Halderman, a professor of computer science and engineering at the University of Michigan, told us the conspiracy theory is "nonsense."
- Kate Brumback. Associated Press. (January 13, 2022) "Fox News, Others Seek Access to Report on Voting Machines". USNews website. Retrieved March 12, 2022.
- "Vulnerabilities Affecting Dominion Voting Systems ImageCast X | CISA". cisa.gov. 3 June 2022.